Android malware hidden in QR code apps infects 1 million users

A new form of Android malware has been discovered in the Google Play Store by security researchers.

Named Andr/HiddnAd-AJ, the malware remains inactive for six hours after being downloaded before bombarding users with ads.

The apps were downloaded more than half a million times, though Google has now removed them.

A new strain of Android malware is said to have infected at least a million users while hidden inside seemingly harmless apps.

Six QR readers and a smart compass app contained the malicious code, which initially went undetected by Google’s Play Store security checks. The apps were downloaded more than 500,000 times before Google pulled them.

The malware, called Andr/HiddnAd-AJ, was discovered by researchers at SophosLabs, who published an article about their findings last week (via ZDNet). The code lies dormant on devices until six hours after installation, when it bombards affected devices with ads and notifications; it’s intended to generate ad-click revenue for the perpetrators.

SophosLabs didn’t provide names for the seven apps responsible, but you can see four of them in the image above. If you suspect one of your apps contains the malware, you can try reinstalling it: if you’re able to, you’re in the clear, since Google has removed the offending apps from the Play Store. Google’s Play Protect scanning feature may also have already notified you of the problem.